Authenticating clients can be a straightforward task when using a single server. For example, clients of a server running a web application can be authenticated using a username and password with session information being stored in a cookie with server-side state information. Similarly, authentication using cookies and sessions can be performed using a group of servers with server-side state information.
However, these traditional approaches can be problematic with enterprise-level applications that include many application nodes. For example, storing credential-specific state information server-side can be problematic if a node fails. In addition, security can be an issue when storing credential-specific information at the client device.
Therefore, there exists ample opportunity for improvement in technologies related to authenticating users.